#!/bin/bash
# The following may be heavily borrowed from, if not
# copied from, the NSA's December 20, 2007 "Guide to the
# Secure Configuration of Red Hat Enterprise Linux 5, Revision 2"

# Title - Ensure that No Dangerous Directories Exist in Root’s Path

#Initialize variables
export PRECHECK='for i in `echo $PATH | tr : " "`; do 
	if ( [ -d $i ] && [ -n "$(find $i -maxdepth 0 -perm /g+w,o+w)" ] ); then 
		j=$j$i;
	fi;
done;
[ -z $j ] && echo all is clear' 
export QUESTION="Would you like to ensure that no dangerous directories exist in root’s path?"
export DESCRIPTION="It is important to prevent root from executing unknown or untrusted programs, since such programs could contain malicious code. Therefore, root should not run programs installed by unprivileged users. Since root may often be working inside untrusted directories, the . character, which represents the current directory, should never be in the root path, nor should any directory which can be written to by an unprivileged or semi-privileged (system) user."
export SOLUTION='for i in `echo $PATH | tr : " "`; do if [ -d $i ]; then chmod go-w $i; fi; done'
